1. Field of the Invention
The present invention relates to databases. More specifically, the present invention relates to a method and an apparatus for generating random data-encryption keys for database log files.
2. Related Art
Many database systems use encryption to secure data against unauthorized use. Typically, this involves encrypting the data that the database is managing, as well as encrypting system log files that record the transactions performed on the database.
For various reasons, a copy of the secret key which is used to encrypt and decrypt data within the log files is typically stored in the header of the log file. In order to prevent someone who obtains a copy of the log file from decrypting the data, a key-encryption key, which is not stored with the log file, is typically used to wrap (encrypt) the secret key. Hence, in order to decrypt data in the log file, the wrapped secret key must first be unwrapped by using the key-encryption key.
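The header scheme described above, as an added Go example that is not taken from the patent: AES-256-GCM stands in for the wrapping algorithm, which the text does not specify, and the `LOGK` header layout, the function names and the keys in `main` are assumptions constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

var magic = []byte("LOGK") // hypothetical header tag; layout: magic | nonce | wrapped key + GCM tag
func newGCM(kek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(kek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// WrapHeader encrypts the log file's secret key under the key-encryption key (KEK).
func WrapHeader(kek, secret []byte) ([]byte, error) {
	aead, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	hdr := append(append([]byte{}, magic...), nonce...)
	return aead.Seal(hdr, nonce, secret, magic), nil // magic is bound as associated data
}
// UnwrapHeader recovers the secret key; a wrong KEK or a modified header returns an error.
func UnwrapHeader(kek, hdr []byte) ([]byte, error) {
	aead, err := newGCM(kek)
	if err != nil {
		return nil, err
	}
	n := len(magic) + aead.NonceSize()
	if len(hdr) < n+aead.Overhead() || !bytes.Equal(hdr[:len(magic)], magic) {
		return nil, fmt.Errorf("malformed log header")
	}
	return aead.Open(nil, hdr[len(magic):n], hdr[n:], magic)
}

func main() {
	kek, secret := bytes.Repeat([]byte{1}, 32), bytes.Repeat([]byte{2}, 32) // constructed keys
	hdr, _ := WrapHeader(kek, secret)
	got, err := UnwrapHeader(kek, hdr)
	fmt.Println(len(hdr), bytes.Equal(got, secret), err)
}
```

`WrapHeader` cannot run without the key-encryption key, which is why whoever writes the header needs that key at log file creation time.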
However, wrapping the secret key at log file creation time can be problematic. It typically requires a large amount of resources to wrap the secret key with the key-encryption key. Furthermore, in many cases, database systems are installed and configured by third parties before being sent to end-users. These third parties typically do not have access to the end-user's key-encryption keys. This is especially problematic with regard to sequential-access storage media and write-once storage media.
Hence, what is needed is a method and apparatus for creating wrapped secret keys without the problems listed above.